ZDNet Multiplexer

ZDNet Multiplexer allows marketers to connect directly with the ZDNet community by enabling them to blog on the ZDNet publishing platform. Content on ZDNet Multiplexer blogs is produced in association with the sponsor and is not part of ZDNet's editorial content.

RSA: NSA Testing Motorola Android Smartphones for Top-Secret Calls

Who says Android is the most insecure mobile OS around? Not the National Security Agency, which is conducting a pilot of 100 Motorola smartphones running the Android OS that it says are already good enough for its employees to make top-secret and classified phone calls from the field.

"There are vulnerabilities in every OS," said Margaret Salter, a technical director in the NSA's Information Assurance Directorate (IAD), during a talk Wednesday morning at the RSA Conference in San Francisco. "The beauty of our strategy is that we looked at all of the components, and then took stuff out of the (Android) OS we didn't need. This makes the attack surface very small."

For the NSA, the open-source nature of Android tipped the balance in its favor. "It's not because iOS was lousy, no. It's because of certain controls we needed. We were able to make some modifications to Android. Android had that freedom," she said. Does that mean the NSA is wedded to the Google OS? "It's not our intention to use only Android."

Since the NSA's founding in 1952, the IAD had been the sole creator of proprietary equipment used by U.S. Government agents for secure communications. The disadvantage of this approach was that it was more expensive, "took us years to approve a device," said Salter, and also resulted in gear that "though incredibly secure, was not incredibly easy to use."

The Android smartphone pilot, nicknamed Project Fishbowl, is part of the IAD's move away from GOTS (Government-Off-The-Shelf) technology towards best-of-breed COTS (Commercial-Off-The-Shelf) gear that the IAD will customize and integrate.

But the IAD's attempts "to go shopping" for such technology were severely hampered by a lack of interoperability with encryption and other security technologies.

"We wanted everything to be plug and play. And. That. Was. Hard," Salter said. That forced the NSA in some instances, when choosing software, to sacrifice performance in favor of broader support.

She urged vendors interested in supplying the NSA to visit www.nsa.gov/ia/programs, where they can view the NSA's requirements. "We need a partnership with industry," she said.

To cloak the voice calls, the NSA uses two independent layers of encryption, one at the VoIP layer, and the other at the VPN layer. The NSA "put a big X through an SSL VPN client" because, according to Salter, "there is no such thing as an SSL interoperable VPN standard."

Moreover, all voice calls using the Android phones are routed through the NSA's servers. That helps secure the calls so that the phones can be used with any carrier.

The final layers of security include a pair of authentication certificates residing on the handsets, as well as a requirement that users log in with a password before they can use the SIP (Session Initiation Protocol) server. This gives the NSA "good assurance to know who are the users," she said.

Doubly encrypting the calls plus the extra routing did make it initially hard to maintain good voice quality, said Salter. But as of today, there "is only a little bit of delay" in the calls. "You'd only notice it if you were in the same room as the caller and could see his lips moving. But I hope you're not using our phone in that context."

Using the phones overseas does add "some risk, but we also believe that we've spent a lot of effort to completely minimize this risk," Salter said, without going into details. "We actually have more trouble getting the phones to run in certain countries."

With the NSA satisfied with Fishbowl's handling of voice calls, Salter is already looking forward to testing the use of the phones to send and receive data and also do other forms of Unified Communications. Plans are to keep most data on the server.

To harden the handsets, the NSA had "to make changes to the key store" as well as "make a police app that keeps an eye on everything," Salter said.

Other than that, the NSA hasn't built any apps yet, said Salter. The Department of Defense's IT branch, the Defense Information Systems Agency (DISA), may both emulate the NSA pilot and build apps that the NSA could leverage, she said. If so, those apps would be deployed through an internal Enterprise App Store.
